This Privacy and Data Protection Policy has been approved by Nick Morton and Simon Morton, Directors of Supplyant and is to be used by partners of the Digital Future First Project, SEMLEP Call OC31S19P1338, Digital Skills Resilience Investment Priority 2.2: Improving the labour market relevance of education and training systems.
In accordance with this policy, all staff are responsible for managing, storing appropriately and disposing of the information they create and receive as part of their normal daily business activities. Partner organisations will ensure that this Policy is followed by their staff, clients, board members, volunteers, service participants and wider stakeholders. This Policy also applies to records that third parties manage on behalf of Supplyant and should be read in conjunction with the Document Retention Policy
Supplyant recognises and understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers, subscribers and website visitors and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law. This policy explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
What is personal data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Under the GDPR, you have the following rights, which we will always work to uphold:
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
We may collect some or all the following data (this may vary according to your relationship with us): Name; Job Title; Employer’s Name; Correspondence Address; E-mail Address; Phone Number(s); Social Media Accounts; Payment Information, and; Information about your preferences and interests. If you believe that any information we are holding on you is incorrect or incomplete, please write to or e-mail us as soon as possible. We will promptly correct any information found to be incorrect.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. For example, if you are a current client of ours, then it is permissible for us to use your relevant data in how we fulfil our contract with you. More broadly, your data may be used for one of the following purposes:
We may also use the information to improve our products and services (e.g. we may use the information to help customise our website according to your interests.)
If you do not wish us to use your data for any of the purposes described above, then please contact us and let us know, so that we can make any necessary revisions.
We won’t keep your personal data for any longer than is necessary in respect of the reason(s) for which it was first collected.
Where we have been contracted to deliver a service to you, or where you have acted as a client point of contact for a service we have delivered, we shall retain your contact details for a minimum period of three years;
Where you have opted in to receive communications from us, we shall retain the details you have provided for so long as you remain an active subscriber (i.e. you have not unsubscribed);
Where you have contacted us to enquire about our products and services, we shall retain your contact details for a minimum period of 12 months, as we are mindful that you may not necessarily make an immediate decision as to whether you may make a purchase.
If you wish to exercise your right to be forgotten, and have all data held about you deleted from our records (and where this does not otherwise compromise an active and current contract between your organisation and CB Solutions) please contact us to this end, and this will be facilitated.
As stated in the latest Document Retention Policy, the default standard retention period for ESIF contracted programme records is 11 years plus current, otherwise known as 11 years + 1. Records will be retained securely for this period in line with the Managing Authority and EU Audit requirements. (Article 140 Commission Regulation in that all projects under the ESF 2014-2020 Programme must ensure they keep all documents for 10 years after their final ESF claim is paid by the ESF Managing Authority). Control of these documents will be by authorised Directors of Supplyant
We may store or transfer some or all your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK.
To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure any information we collect online (e.g. if you input any personal data into our website).
We will not share any of your personal data with any third parties for any purposes, subject to one important exception. In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
Please note that our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. If you would like to know more about the specific third-party links which we use on our website, please write to us for details.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and addressed to Supplyant, 35 Duncan Close, Northampton NN3 6WL. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How do you contact us?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: firstname.lastname@example.org
This policy will be reviewed annually, or as and when legislative and regulatory requirements may warrant a revision and it will always be available on our website. If you would like us to send you a copy of the policy each time it is updated, please contact us to this end.
Digital Future First is part funded by the European Social Fund and led by Supplyant Limited, and co-developed in partnership with Database for Business Limited and the Learning and Skills Academy CIC
34-35 Duncan Close, Moulton Park Ind Est, Northampton, NN3 6WL